When “anti-fraud” becomes “anti-customer”

Home Depot—another victim of a data security breach that could affect many of its credit card customers. Target Stores’ data breach from last year is still a raw nerve for the retail industry. Many more happen all the time that don’t get the huge publicity that these two events have received.

Reportedly, there has already been a class action lawsuit filed against Home Depot by some of its customers in Georgia, for failing to protect them from the breach.

I spend a good share of my time conducting Bank Secrecy Act/anti-money laundering independent reviews of banks each year.

As part of that review I evaluate a bank’s process for monitoring their customers’ accounts and activity for suspicious activity. The banks are looking for unusual activity that might indicate that something illegal is going on or that a customer is possibly structuring transactions to evade the BSA reporting or recordkeeping requirements.

They are also looking for fraud, especially in the area of credit card transactions.

The statistics on credit card fraud are mind blowing. It’s a wonder that any of us are brave enough to have them and use them. According to the website statisticbrain.com, 10% of Americans have been victims of credit card fraud. A total of over $5.55 billion is attributable to credit card fraud worldwide. Apparently, Colorado (where I live) has the second-highest rate of credit card fraud in the U.S., second only to Nevada.

All of which is a prelude for my story.

Accepted everywhere … in Colorado

I’ve got a “situation.”

And my rational, banker brain knows that the bank is trying to prevent credit card fraud.

But, my emotional, consumer brain is angry that the bank blocks my credit card purchases every time I leave the state of Colorado.

Here’s my story.

I have a major credit card that for the past year and a half gets rejected at the point of purchase every time I try to use it at a location outside of my home state.

At first, I didn’t put two and two together. I thought there was something wrong with the merchant’s machine. Or that the card had a faulty magnetic stripe or something.

So I would pull out a different card and proceed with the transaction. After several trips out of state and the same result, I finally got wise. None of my other credit cards had this problem.

It was this card.

So, I call this particular bank that issued the credit card when I get home from my latest trip. (It is not a small bank by any means.) They tell me that they block transactions that are outside my home state because they detect them as being possibly suspicious and fraudulent.

“But, isn’t this supposed to be a Visa, the card that you can use anywhere that Visa is accepted worldwide?” I ask.

Well, yes, they say, but, for me, only in Colorado.

I explain to the customer service representative that I travel a lot and that it is very embarrassing when I try to use my card and it gets rejected at the merchant. He tells me that I can give them a list of the places I travel so that they can put a notice on my account that will allow me to use my card in those places.

I start to try to come up with such a list and then I’m stuck. I don’t know for sure where I might be traveling in the future.

Besides, when I’m listing my usual travel spots, he stops me and says that the list is getting too long already.

“So what can I do?” I ask. He says I just need to call them each time I go somewhere and let them know:

• Where I’m going

• For how long

• And when I plan to come back home.

Right …

That’s the better way?

Now, to me, that seems like too much work. And frankly it feels like some government dictatorship that wants to control its citizens’ movements.

The bank representative’s alternative suggestion is to set up a call authorization whereby the issuer bank will call me on my cell phone when I use my card out-of-state, prior to authorizing it.

Within two seconds I could see lots of logistical difficulties with that too, such as annoyed people behind me in the checkout line.

Or a dead cell phone battery.

“Can’t I just tell you that I use this card when I travel, and that I travel frequently out of state?” I asked.

Nope.

I don’t want to have to give up this credit card. I have an attachment to this credit card. A predecessor bank gave me this credit card way back when I was only 21 years old and it was my first credit card account.

But, I also don’t want to report my comings and goings to this bank every time I decide to travel out of my home state.

I don’t think that’s reasonable. Yet, I know that they are doing this to prevent fraud and reduce their losses. So, they’re damned if they do and damned if they don’t.

And that, in the spirit of the name of this blog, violates common sense …

"Lucy and Nancy’s Common Sense Compliance” is blogged by both Lucy Griffin and Nancy Derr-Castiglione, both Banking Exchange contributing editors on compliance. Nancy, a Certified Regulatory Compliance Manager, is owner of D-C Compliance Services, an independent regulatory compliance consulting services business that has provided expertise in compliance training, monitoring, risk assessment, and policies and procedures to financial institutions since 2002. Previously, Nancy held compliance positions with Bank One Corporation and with United Banks of Colorado. In addition to serving as a Contributing Editor of Banking Exchange, Nancy has served on the ABA Compliance Executive Committee; National and Graduate Compliance Schools board; conference planning committees, and the Editorial Advisory Board for the ABA Bank Compliance magazine. She can be reached at [email protected]